Apache Conf

Hi guys,

our server has been getting attacked everyday by some people,,, what happens is that they find one file on our server (lets say a zip file 5 meg ) and they make soooo many connections to the same file that the server stops functioning pretty much, I looked over the maxclient config for httpd.conf and doubled the number, but after 2 minutes, it would reach the new maxclient again,,, i ended up grabbing that ip and block it in the iptable, now my question is,,, is there a way that in apache you can limit the number of requests for each ip and reject all the other connections? or can you suggest any other way to protect our selfs agains this attacks?

Use a script
I lack the time to learn/write one for you right now but i'll provide the blueprints.

add something like this as a cronjob, to be run every x-minutes ( 2 minutes? ) .. would still give your attacker 2 minutes to hammer your server :S
:
tail -n 500 /var/log/apache2/access_log
if 3 or more lines contain the same IP and the same *.zip filename then block that ip in your firewall

Featured Post

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.